I'm using EL in my JSP. For example
Case 1:
<h5>${fgst.userFlag}</h5>
Case 2:
<h5>${fgst.getUserFlag()}</h5>
I want to know: is case 2 a more secure and safe way to access data from the model than case 1?
There is absolutely no difference in security.
Note that ${fgst.userFlag} does not access the field at all. Under the covers, it converts the property name userFlag to a getter method getUserFlag() and finally invokes it on the instance represented by ${fgst}. In other words, it does exactly the same as ${fgst.getUserFlag()}.
You can confirm for yourself by renaming the field name while keeping the getter method name unchanged. You'll notice that both approaches continue to work and that they both actually invoke the getter method, which can also be observed by putting a debug breakpoint on the getter method.
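
The renaming experiment described in the answer above, as an added example that is not part of the original answer. It uses standard `java.beans` introspection as a stand-in for the EL resolver; the class `Fgst`, the field `renamedField` and the helper `readProperty` are hypothetical names chosen for illustration.

```java
import java.beans.BeanInfo;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;

public class ElPropertyDemo {

    // Hypothetical model class standing in for the bean behind ${fgst}.
    public static class Fgst {
        // Deliberately not named userFlag: the class has no "userFlag" field.
        private final String renamedField = "ACTIVE";
        private int getterCalls = 0;

        public String getUserFlag() {
            getterCalls++;          // count every invocation of the getter
            return renamedField;
        }

        public int getGetterCalls() { return getterCalls; }
    }

    // Resolve a property name to its getter by JavaBeans rules and invoke it.
    static Object readProperty(Object bean, String property) throws Exception {
        BeanInfo info = Introspector.getBeanInfo(bean.getClass());
        for (PropertyDescriptor pd : info.getPropertyDescriptors()) {
            Method getter = pd.getReadMethod();
            if (pd.getName().equals(property) && getter != null) {
                return getter.invoke(bean);
            }
        }
        throw new IllegalArgumentException("No readable property: " + property);
    }

    public static void main(String[] args) throws Exception {
        Fgst fgst = new Fgst();
        Object viaProperty = readProperty(fgst, "userFlag"); // like ${fgst.userFlag}
        Object viaMethod = fgst.getUserFlag();               // like ${fgst.getUserFlag()}
        System.out.println("property form: " + viaProperty);
        System.out.println("method form:   " + viaMethod);
        System.out.println("getter calls:  " + fgst.getGetterCalls());
        try {
            // Direct field lookup by the property name finds nothing.
            Fgst.class.getDeclaredField("userFlag");
        } catch (NoSuchFieldException e) {
            System.out.println("no field named userFlag exists");
        }
    }
}
```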